CVE-2014-9023

2014-11-2017:50:12

CWE-264

[email protected]

web.nvd.nist.gov

twilio

drupal

authentication

access control

cve-2014-9023

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.2%

JSON

The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tokens by leveraging the “access administration pages” Drupal permission.

Affected configurations

NVD

Node

twilio_projecttwilioMatch7.x-1.1drupal

twilio_projecttwilioMatch7.x-1.2drupal

twilio_projecttwilioMatch7.x-1.4drupal

twilio_projecttwilioMatch7.x-1.5drupal

twilio_projecttwilioMatch7.x-1.6drupal

twilio_projecttwilioMatch7.x-1.8drupal

twilio_projecttwilioMatch7.x-1.9drupal

CPENameOperatorVersion
twilio_project:twiliotwilio project twilioeq7.x-1.1
twilio_project:twiliotwilio project twilioeq7.x-1.2
twilio_project:twiliotwilio project twilioeq7.x-1.4
twilio_project:twiliotwilio project twilioeq7.x-1.5
twilio_project:twiliotwilio project twilioeq7.x-1.6
twilio_project:twiliotwilio project twilioeq7.x-1.8
twilio_project:twiliotwilio project twilioeq7.x-1.9

CPE	Name	Operator	Version
twilio_project:twilio	twilio project twilio	eq	7.x-1.1
twilio_project:twilio	twilio project twilio	eq	7.x-1.2
twilio_project:twilio	twilio project twilio	eq	7.x-1.4
twilio_project:twilio	twilio project twilio	eq	7.x-1.5
twilio_project:twilio	twilio project twilio	eq	7.x-1.6
twilio_project:twilio	twilio project twilio	eq	7.x-1.8
twilio_project:twilio	twilio project twilio	eq	7.x-1.9